{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42298", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-30T07:40:12.270Z", "datePublished": "2024-08-17T09:09:05.866Z", "dateUpdated": "2024-09-15T17:53:06.678Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-09-15T17:53:06.678Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this returned\nvalue is not checked.\n\nFix this lack and check the returned value."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/fsl/fsl_qmc_audio.c"], "versions": [{"version": "075c7125b11c", "lessThan": "b4205dfcfe96", "status": "affected", "versionType": "git"}, {"version": "075c7125b11c", "lessThan": "af466037fa2b", "status": "affected", "versionType": "git"}, {"version": "075c7125b11c", "lessThan": "e62599902327", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/fsl/fsl_qmc_audio.c"], "versions": [{"version": "6.4", "status": "affected"}, {"version": "0", "lessThan": "6.4", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.44", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10.3", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/b4205dfcfe96182118e54343954827eda51b2135"}, {"url": "https://git.kernel.org/stable/c/af466037fa2b263e8ea5c47285513d2487e17d90"}, {"url": "https://git.kernel.org/stable/c/e62599902327d27687693f6e5253a5d56583db58"}], "title": "ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42298", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:10:41.543942Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T17:33:28.675Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42298", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:10:41.543942Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:23.605Z"}}], "cna": {"title": "ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "075c7125b11c", "lessThan": "b4205dfcfe96", "versionType": "git"}, {"status": "affected", "version": "075c7125b11c", "lessThan": "af466037fa2b", "versionType": "git"}, {"status": "affected", "version": "075c7125b11c", "lessThan": "e62599902327", "versionType": "git"}], "programFiles": ["sound/soc/fsl/fsl_qmc_audio.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.4"}, {"status": "unaffected", "version": "0", "lessThan": "6.4", "versionType": "custom"}, {"status": "unaffected", "version": "6.6.44", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.3", "versionType": "custom", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["sound/soc/fsl/fsl_qmc_audio.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/b4205dfcfe96182118e54343954827eda51b2135"}, {"url": "https://git.kernel.org/stable/c/af466037fa2b263e8ea5c47285513d2487e17d90"}, {"url": "https://git.kernel.org/stable/c/e62599902327d27687693f6e5253a5d56583db58"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this returned\nvalue is not checked.\n\nFix this lack and check the returned value."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-09-15T17:53:06.678Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42298", "state": "PUBLISHED", "dateUpdated": "2024-09-15T17:53:06.678Z", "dateReserved": "2024-07-30T07:40:12.270Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-08-17T09:09:05.866Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD8C07C9-5A22-4C32-908B-211B58A46875", "versionEndExcluding": "6.6.44", "versionStartIncluding": "6.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "92D388F2-1EAF-4CFA-AC06-5B26D762EA7D", "versionEndExcluding": "6.10.3", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this returned\nvalue is not checked.\n\nFix this lack and check the returned value."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: fsl: fsl_qmc_audio: comprobar el valor devuelto de devm_kasprintf() devm_kasprintf() puede devolver un puntero NULL en caso de error, pero este valor devuelto no se comprueba. Solucione esta falta y verifique el valor devuelto."}], "id": "CVE-2024-42298", "lastModified": "2024-09-10T18:42:19.607", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-08-17T09:15:10.230", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/af466037fa2b263e8ea5c47285513d2487e17d90"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b4205dfcfe96182118e54343954827eda51b2135"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e62599902327d27687693f6e5253a5d56583db58"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value", "id": "2305443", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305443"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-252->CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value\ndevm_kasprintf() can return a NULL pointer on failure but this returned\nvalue is not checked.\nFix this lack and check the returned value.", "A vulnerability was found in the `devm_kasprintf()` function in the Linux kernel's `fsl_qmc_audio` driver. This function can return a NULL pointer if memory allocation fails, but the original code did not check for this possibility. This oversight could lead to dereferencing a NULL pointer, potentially causing crashes or undefined behavior. The fix involves adding a NULL check after the `devm_kasprintf()` call. If the returned pointer is NULL, an error message is logged, and the function returns an error code to prevent further use of the invalid pointer. This change enhances the robustness of the driver by handling memory allocation failures gracefully."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-42298", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-08-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42298\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42298\nhttps://lore.kernel.org/linux-cve-announce/2024081748-CVE-2024-42298-d6a1@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate"}